VYPR
Moderate severityNVD Advisory· Published Oct 20, 2021· Updated Apr 30, 2025

Camaleon CMS - Stored Cross-Site Scripting (XSS) in Comments

CVE-2021-25969

Description

In Camaleon CMS application, versions 0.0.1 to 2.6.0 are vulnerable to stored XSS, that allows an unauthenticated attacker to store malicious scripts in the comments section of the post. These scripts are executed in a victim’s browser when they open the page containing the malicious comment.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
camaleon_cmsRubyGems
>= 0.0.1, < 2.6.0.12.6.0.1

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.